Detection of Distributed Denial of Service Attacks Using Statistical Pre-processor and Unsupervised Neural Networks

  • Rasool Jalili
  • Fatemeh Imani-Mehr
  • Morteza Amini
  • Hamid Reza Shahriari
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)


Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays main role in preventing their progress. In the flooding attacks, especially new sophisticated DDoS, the attacker floods the network traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer a good performance (and accuracy) in detecting such kinds of attacks.

In this paper, a novel method for detection of DDoS attacks has been introduced based on a statistical pre-processor and an unsupervised artificial neural net. In addition, SPUNNID system has been designed based on the proposed method. The statistical pre-processing has been used to extract some statistical features of the traffic, showing the behavior of DDoS attacks. The unsupervised neural net is used to analyze and classify them as either a DDoS attack or normal. Moreover, the method has been more investigated using attacked network traffic, which has been provided from a real environment. The experimental results show that SPUNNID detects DDoS attacks accurately and efficiently.


DDoS Attacks Intrusion Detection System Unsupervised Neural Nets Statistical Pre-Processor 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amini, M., Jalili, R.: Network-Based Intrusion Detection Using Unsupervised Adaptive Resonance Theory (ART). In: Proceedings of the 4th Conference on Engineering of Intelligent Systems (EIS 2004), Madeira, Portugal (2004)Google Scholar
  2. 2.
    Gil, T.M., Poletter, M.: Multops: a data-structure for bandwidth attack detection. In: Proceedings of USENIX Security Symposium 2001 (2001)Google Scholar
  3. 3.
    Kaizaki, R., Cho, K., Nakamura, O.: Detection Denial of Service Attacks Using AGURI. In: International Conference Telecommunications, Beijing China (June 2002)Google Scholar
  4. 4.
    Peng, T., Leckie, C., Kotagiri, R.: Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring. In: Proceedings of the Third International IFIP-TC6 Networking Conference (Networking 2004), Athens, Greece (2004)Google Scholar
  5. 5.
    Bazek, R., Kim, H., Rozovskii, B., Tartakovsky, A.: A novel approach to detection of enial-of-service attacks via adaptive sequential and batch-sequential change-point methods. In: IEEE Systems, Man and Cybernetics Information Assurance Workshop (June 2001)Google Scholar
  6. 6.
    Noh, S., Lee, C., Jung, G., Choi, K.: Using Inductive Learning for the Detection of Distributed Denial of Service Attacks. In: International Conference on Advances in Infrastructure for Electronic Business, Education, Science, Medicine and Mobile Technologies on the Internet (2003)Google Scholar
  7. 7.
    Ming Li, L.: An approach to reliably identifying signs of DDOS flood attacks based on LRD traffic pattern recognition. In: Computers & Security, vol. 23(7). Elsevier, Amsterdam (2004), ISSN 0167-4048Google Scholar
  8. 8.
    Hussain, A., Heidemann, J., Papadopoulos, C.: A Framework for Classifying Denial of Service Attacks. In: Proceedings of the ACM SIGCOMM Conference, Karlsruhe, Germany, August 2003, pp. 99–110 (2003)Google Scholar
  9. 9.
    Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical Approaches to DDoS Attack Detection and Response. In: DARPA Information Survivability Conference and Exposition (2003)Google Scholar
  10. 10.
    Jin, S., Yeung, D.S.: A Covariance Analysis Model for DDoS Attack Detection. IEEE Communications Society (2004)Google Scholar
  11. 11.
    Mihui, K., Hyunjung, N., Kijoon, C., Hyochan, B., Jungchan, N.: A Combined Data Mining Approach for DDoS Attack Detection. In: Kahng, H.-K., Goto, S. (eds.) ICOIN 2004. LNCS, vol. 3090, pp. 943–950. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Gavrilis, D., Tsoulos, I., Dermatas, E.: Feature selection for robust detection of distributed Denial-of-Service attacks using genetic algorithm. In: Vouros, G.A., Panayiotopoulos, T. (eds.) SETN 2004. LNCS (LNAI), vol. 3025, pp. 276–281. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Cannady, J.: Artificial Neural Networks for Misuse Detection. In: Proceedings of National Information Systems Security Conference (1998)Google Scholar
  14. 14.
    Rhodes, B.C., Mahaffey, J.A., Cannady, J.D.: Multiple Self-Organizing Maps for Intrusion Detection. In: Proceedings of 23rd National Information Systems Security Conference (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Rasool Jalili
    • 1
  • Fatemeh Imani-Mehr
    • 1
  • Morteza Amini
    • 1
  • Hamid Reza Shahriari
    • 1
  1. 1.Department of Computer EngineeringSharif University of TechnologyTehranIran

Personalised recommendations